Status of the Claims

1. (Currently Amended) A system, comprising:

a device;

at least one first entity associated with the device, the first entity
comprising any of a user, a user agent and a principal;

a first user identifier in a first namespace associated with the first entity,
the first user identifier comprising any of a name identifier and an identity
assertion;

a second user identifier in a second namespace associated with the first
entity, the second user identifier known to a service provider, the second
namespace disparate from the first namespace, wherein the first user identifier
and the second user identifier are pseudonymous to each other;

an authentication agency;

means for sending a login request from the first entity to the authentication
agency;

means for receiving an assertion at the first entity from the authentication
agency in response to the log in request;

means for sending the received assertion and the first user identifier in the
first namespace to a participant;

means for authenticating the first entity at [[a]] the participant with the
received assertion;

means for sending the first user identifier in the first namespace and a
request for service on behalf of the first entity from a second entity comprising
any of the participant and a service consumer associated with the participant to
any of the authentication agency and a discovery service associated with the
authentication agency, using the received assertion, the request for service
comprising a request for a service descriptor for locating the service provider,
and a request for a service assertion for accessing the service provider; [[and]]

means for translating the first user identifier in the first namespace to the
second user identifier in the second namespace at the authentication agency;

means for an sending [[an authorization]] the service descriptor, the service
assertion, and the second user identifier from the authentication agency to the
second entity [[for the requested service]] in response to the sent request for
service if the first entity is enabled for the requested service, wherein the sent
second user identifier is sent in a format that the second entity is blinded to the
second user identifier;

means for sending the service assertion to the service provider; and

means for providing the requested service for the second entity at the
service provider in response to the received service assertion if the second entity
is authorized for the requested service by the user.

2. (Previously Presented) The system of Claim 1, further comprising:

at least one identity associated with the first entity, and user information
associated with at least one of the identities; and

at least one core service associated with the system and related to at least
a portion of the user information.

3. (Previously Presented) The system of Claim 2, wherein the core service is 
accessible by the first entity. 

4. (Previously Presented) The system of Claim 2, wherein the core service is 
accessible by the participant. 

5. (Previously Presented) The system of Claim 2, wherein the core service is
associated with one or more core service providers.

6. (Previously Presented) The system of Claim 2, wherein the core service 
comprises any of an authentication service, a profile service, an alert service, a 
calendar service, an address book service and a wallet service. 

7. (Currently Amended) The system of Claim 1, wherein [[the authentication
agency further comprises means for translating namespaces,]] such that a user
identity of the first entity [[in a]] in the first namespace is translatable to a user
identity [[in a]] in the second namespace at the authentication agency.

8. (Previously Presented) The system of Claim 7, wherein the user identity in
the second namespace is encrypted.

9. (Previously Presented) The system of Claim 7, wherein the user identity in 
the second namespace is time-bound. 

10. (Previously Presented) The system of Claim 1, wherein a user identity is
associated with the first entity, and wherein the system further comprises:

at least one core authentication record associated with the user identity,
comprising any of services and links associated with the user identity.

11. (Currently Amended) A system [[An system]], comprising:

an authentication agency

for authenticating [[at least one]] a first entity comprising any of a user,
a user agent and a principal, the first entity having a first user identifier in
a first namespace and a second user identifier in a second namespace,
the second user identifier known to a service provider, the first user
identifier comprising any of a name identifier and an identity assertion, the
second namespace disparate from the first namespace, wherein the first
user identifier and the second user identifier are pseudonymous to each
other,

[[and]] for sending [[assertions]] an assertion to a device corresponding
to the first [[entities]] entity, and

for translating the first user identifier in the first namespace to the
second user identifier in the second namespace; and

at least one second entity comprising

means for receiving the [[assertions]] assertion and the first user
identifier from the first [[entities]] entity.

means for authenticating the first [[entities]] entity at the second entity
with the received [[assertions]] assertion,

means for sending [[requests]] a request for service and the first user
identifier on behalf of the first [[entities]] entity to any of the authentication
agency and a discovery service associated with the authentication
agency, [[using the received authentication information from said first
entities]],

means for receiving [[authorizations]] an authorization sent from the
authentication agency in response to the sent [[requests]] request if the first
[[entities are]] entity is enabled for the requested [[services]] service;

means for receiving the second user identifier sent from the
authenticating agency in a format that the second entity is blinded to the
second user identifier; [[and]]

means for invoking the requested authorized [[services]] service at the
service provider with the received [[authorizations]] authorization and the
received second user identifier, and

means for receiving the invoked requested service from the service
provider at the second entity if the second entity is authorized for the
invoked requested service by the user.

12. (Previously Presented) The system of Claim 11, further comprising: 

a discovery module associated with the authentication agency and 
adapted to receive a user identifier associated with the first entity and a service 
name known to the system. 

13. (Previously Presented) The system of Claim 11, further comprising:

at least one core service associated with the system and related to the first
entity.

14. (Previously Presented) The system of Claim 13, wherein the core service is
accessible by the first entity.

15. (Previously Presented) The system of Claim 13, wherein the core service is
accessible by the second entity.

16. (Previously Presented) The system of Claim 13, wherein the core service is
associated with one or more core service providers.

17. (Previously Presented) The system of Claim 13, wherein the core service 
comprises any of an authentication service, a profile service, an alert service, a 
calendar service, an address book service and a wallet service. 

18. (Currently Amended) The system of Claim 11, wherein [[the authentication
agency further comprises means for translating namespaces,]] such that a user
identity of [[a first]] the first entity [[in a]] in the first namespace is translatable to a user
identity [[in a]] in the second namespace at the authentication agency.

19. (Previously Presented) The system of Claim 18, wherein the user identity in 
the second namespace is encrypted. 

20. (Previously Presented) The system of Claim 18, wherein the user identity in
the second namespace is time-bound.

21. (Previously Presented) The system of Claim 11, wherein an identity is
associated with the first entity, and wherein the system further comprises:

at least one core authentication record associated with the identity,
comprising any of services and links associated with the identity.

22. (Currently Amended) The system of Claim 11, wherein the [[first entity is
located at a]] device is linked to the system.

23. (Currently Amended) A process, comprising the steps of:

sending a login request from a first entity associated with a device to an
authentication agency, the first entity comprising any of a user, a user agent and
a principal, the first entity having a first user identifier in a first namespace and a
second user identifier in a second namespace, the second user identifier known
to a service provider, the first user identifier comprising any of a name identifier
and an identity assertion, the second namespace disparate from the first
namespace, wherein the first user identifier and the second user identifier are
pseudonymous to each other;

receiving an assertion at the first entity from the authentication agency in
response to the log in request;

sending the received assertion and the first user identifier to a participant;

authenticating the first entity at [[a]] the participant [[through the first entity]] with
the received assertion;

sending the first user identifier in the first namespace and a request for a
service on behalf of the first entity from a second entity comprising any of the
participant and a service consumer associated with the participant to any of the
authentication agency and a discovery service associated with the authentication
agency, using the assertion; [[and]]

translating the first user identifier in the first namespace to the second
user identifier in the second namespace at the authentication agency;

sending an authorization and the translated second user identifier from the
authentication agency to the second entity for the requested service in response
to the sent request if the [[principal]] first entity is enabled for the requested service,
wherein the translated second user identifier is sent in a format that the second
entity is blinded to the second user identifier;

sending the authorization from the second entity and to the service
provider; and

providing the requested service for the second entity at the service
provider in response to the sent authorization if the second entity is authorized
for the requested service by the user.

24. (Previously Presented) The process of Claim 23, further comprising the step
of:

establishing at least one core service associated with the system and
related to the first entity.

25. (Previously Presented) The process of Claim 24, wherein the core service is
accessible by the first entity.

26. (Previously Presented) The process of Claim 24, wherein the core service is 
accessible by the participant. 

27. (Original) The process of Claim 24, wherein the core service is associated
with one or more core service providers.

28. (Previously Presented) The process of Claim 23, wherein the core service
comprises any of an authentication service, a profile service, an alert service, a
calendar service, an address book service and a wallet service.

29. (Currently Amended) The process of Claim 23, further comprising the step
of:

translating namespaces for user identities, such that a user identity of a
first entity [[in a]] in the first namespace is translated to a user identity [[in a]] in the
second namespace.

30. (Original) The process of Claim 29, further comprising the step of: 

encrypting the user identity in the second namespace. 

31. (Original) The process of Claim 29, wherein the user identity in the second 
namespace is time-bound. 

32. (Previously Presented) The process of Claim 23, further comprising the
steps of:

establishing at least one identity associated with the first entity; and

associating at least one core authentication record with the established
identity, comprising any of services and links associated with the established
identity.

Application No. 10/678,910

Attorney Docket No. AOL0091

33. (Currently Amended) A process, comprising the steps of:

providing an authentication agency networked to a service;

establishing an identity at the authentication agency for a first entity
associated with a device, the first entity comprising any of a user, a user agent
and a principal, the first entity having a first user identifier in a first namespace
and a second user identifier in a second namespace, the second user identifier
known to a service provider, the first user identifier comprising any of a name
identifier and an identity assertion, the second namespace disparate from the
first namespace, wherein the first user identifier and the second user identifier
are pseudonymous to each other;

sending authentication information from the authentication agency to the
device [[first entity]];

sending the authentication information and the first user identifier from the
device to a participant;

authenticating the first entity [[at a]] at the participant with the authentication
information;

sending the first user identifier in the first namespace and a request for a
service on behalf of the [[principal]] first entity from a second entity comprising any
of the participant and a service consumer associated with the participant to any
of the authentication agency and a discovery service associated with the
authentication agency;

translating the received first user identifier in the first namespace to the
second user identifier in the second namespace at the authentication agency;

sending an authorization and the translated second user identifier from the
authentication agency to the second entity to access the service on behalf of the
first entity if the first entity is enabled for the service by the authentication
agency; [[and]]

establishing a link between the second entity and the service provider,
based upon the authorization and the translated second user identifier; and

providing the requested service for the second entity at the service
provider in response to the sent authorization and the translated second user
identifier, if the second entity is authorized for the requested service by the user.

34. (Previously Presented) The process of Claim 33, wherein the second entity 
comprises any of a network site, a service provider and a store. 

35. (Previously Presented) The process of Claim 33, wherein the authorization
comprises a service descriptor and a service assertion, wherein the service
descriptor comprises means for locating the requested service and wherein the
service assertion comprises a credential to establish the link.

36. (Currently Amended) The system of Claim 1, further comprising:

means for invoking the requested service through the second entity using
the authorization service descriptor, the service assertion, and the second user
identifier.

37. (Previously Presented) The system of Claim 1, wherein the participant
comprises any of a network site, a service provider and a store.

38. (Currently Amended) The system of Claim 1, [[wherein the request for
service comprises a service descriptor and a service assertion, wherein the
service descriptor comprises means for locating the requested service, and]]
wherein the service assertion comprises a credential to access the requested
service.

39. (Previously Presented) The system of Claim 1, wherein at least one identity
is associated with the first entity, comprising any of a personal identity, a
business identity and an anonymous identity.

40. (Previously Presented) The system of Claim 11, wherein the second entity
comprises any of a network site, a service provider and a store.

41. (Previously Presented) The system of Claim 11, wherein the authorizations
comprise a service descriptor and a service assertion, wherein the service
descriptor comprises means for locating the requested service, and wherein the
service assertion comprises a credential to access the requested service.

42. (Previously Presented) The system of Claim 11, wherein at least one
identity is associated with the first entity, comprising any of a personal identity, a
business identity and an anonymous identity.

43. (Previously Presented) The process of Claim 23, further comprising the step
of:

invoking the requested service through the second entity using the
authorization.

44. (Previously Presented) The process of Claim 23, wherein the participant 
comprises any of a network site, a service provider and a store. 

45. (Previously Presented) The process of Claim 23, wherein the authorization 
comprises a service descriptor and a service assertion, wherein the service 
descriptor comprises means for locating the requested service and wherein the 
service assertion comprises a credential to invoke the requested service. 

46. (Previously Presented) The process of Claim 23, wherein at least one 
identity is associated with the first entity, comprising any of a personal identity, a 
business identity and an anonymous identity. 